Web Protection Library

There are 4 entries for the tag Web Protection Library
AntiXSS 4.0 Release notes

As I’m almost done the AntiXSS 4.0 release notes have been finalised;

Minimum Requirements
.NET Framework 3.5

Return Values
If you pass a null as the value to an encoding function the function will now return null. The previous behavior was to return String.Empty.

Medium Trust Support
The HTML Sanitization methods, GetSafeHtml() and GetSafeHtmlFragment(), have been moved to a separate assembly. This enables the AntiXssLibrary assembly to run in medium trust environments, a common user request. If you wish to use the Html Sanitization library you must now include the HtmlSanitizationLibrary assembly. This assembly requires full trust and...

posted @ Tuesday, September 21, 2010 10:33 AM | Feedback (0)

Another new inspector for the SRE, ResponseInspector

When I started off discussing where I would take the Security Runtime Engine with the Developer Security MVPs, Raffaele Rialdi asked if there would be a way to inspect raw requests and responses. Whilst I can’t do requests, as I don’t see them until ASP.NET has parsed them, I can do responses via ASP.NET’s filter mechanisms, so, despite him tagging someone else as me on Facebook, I started to look at how best to do this and came up with IResponseInspector. The response inspector works slightly differently to the other inspectors – by the time it’s called there is no...

posted @ Wednesday, July 14, 2010 6:35 PM | Feedback (0)

The SRE Preview is now available on CodePlex

The WPL site on CodePlex now has the May CTP code-only release for the Web Protection Library and a Word document introducing the new extensibility points for the Security Runtime Engine. I haven’t released binaries because it’s just a preview, it is in no way ready for production and I want to discourage you from even thinking of that. So why did I make the source available? Simple – feedback. This represents a rewrite of the Security Runtime and a new way for you to easily write plug-ins for it. Rather than simply decide what’s best for our users...

posted @ Thursday, May 27, 2010 6:11 PM | Feedback (0)

Further work on WPL PlugIns

(And yes, I did mean PlugIns – darned FXCop rules) After a couple of weeks of experimentation with code I think I have the plug-in model complete now. As suggested by Travis in the comments on a previous post as many parameters as possible are now using System.Web.Abstractions. Right now there are three main interfaces:

    /// <summary>
    /// Defines methods that must be implemented for request inspection.
    /// </summary>
    public interface IRequestInspector : ISecurityRuntimePlugIn
    {
        /// <summary>
        /// Inspects an HTTP request for potential problems.
        /// </summary>
        /// <param name="request">The...

posted @ Monday, May 03, 2010 5:56 PM | Feedback (2)